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TENT COOPERATION TREATY 



From the INTERNATIONAL SEARCHING AUTHORITY 




To: 

HEWLETT-PACKARD LIMITED 
Intellectual Property Section 
Attn. Squibbs, Robert F. 
Filton Road 
Stoke Gifford 
Bristol BS34 8QZ 
UNITED KINGDOM 


NOTIFICATION OF TRANSMITTAL OF 
THE INTERNATIONAL SEARCH REPORT 
OR THE DECLARATION 

(PCT Rule 44.1) 


Date of mailing 

(day/month/year) 231 \ 1/2001 


Applicant's or agent* s file reference 
30003034 WO 


FOR FURTHER ACTION See paragraphs 1 and 4 below 


International application No. 

PCT/GB 01/02291 


International filing date 

(day/month/year) 23/05/2001 i 


Applicant 

HEWLETT-PACKARD COMPANY et al . 



1. fx"| The applicant is hereby notified that the International Search Report has been established and is transmitted herewith. 
Filing of amendments and statement under Article 19: 

The applicant is entitled, if he so wishes, to amend the claims of the International Application (see Rule 46): 

When? The time limit for filing such amendments is normally 2 months from the date of transmittal of the 
International Search Report; however, for more details, see the notes on the accompanying sheet. 



Where? Directly to the 



International Bureau of WIPO 
34, chemin des Colombettes 
121 1 Geneva 20, Switzerland 
Fascimile No.: (41-22) 740.14.35 



For more detailed instructions, see the notes on the accompanying sheet. 

2. | — | The applicant is hereby notified that no International Search Report will be established and that the declaration under 
I — ' Article 17(2)(a) to that effect is transmitted herewith. 

3. Q With regard to the protest against payment of (an) additional fee(s) under Rule 40.2, the applicant is notified that 

□ the protest together with the decision thereon has been transmitted to the International Bureau together with the 
applicant's request to forward the texts of both the protest and the decision thereon to the designated Offices. 

| | no decision has been made yet on the protest; the applicant will be notified as soon as a decision is made. 

4. Further action(s): The applicant is reminded of the following: 

Shortly after 18 months from the priority date, the international application will be published by the Internationa] Bureau. 
If the applicant wishes to avoid or postpone publication, a notice of withdrawal of the international application, or of the 
priority claim, must reach the International Bureau as provided in Rules 90o/s.1 and 90W&3, respectively, before the 
completion of the technical preparations for international publication. 

Within 19 months from the priority date, a demand for international preliminary examination must be filed if the applicant 
wishes to postpone the entry into the national phase until 30 months from the priority date (in some Offices even later). " 

Within 20 months from the priority date, the applicant must perform the prescribed acts for entry into the national phase 
before all designated Offices which have not been elected in the demand or in a later election within 19 months from the 
priority date or could not be elected because they are not bound by Chapter II. 





Name and mailing address of the International Searching Authority 
I European Patent Office, P.B. 5818 Patentlaan 2 
-Jjft NL-2280 HV Rijswijk 
QJIJ Tel. (+31-70) 340-2040, Tx. 31 651 epo nl, 


Authorized officer 

Veronique Cornudet-Henschel 
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These Notes are intended to give the bask? Inst ructions concerning the filing of amendments under article 19. The 
Notes are based on the requirements of the Patent Cooperation Treaty, the Regulations and the Administrative Instructions 
under that Treaty. In case of discrepancy between these Notes and those requirements, the latter are applicable. For more 
detailed Information, see also the PCT Applicant's Guide, a publication of WIPO. 

In these Notes, "Article*, "Rule', and 'Section* refer to the provisions of the PCT, the PCT Regulations and the PCT 
Administrative Instructions respectively. 



INSTRUCTIONS CONCERNING AMENDMENTS UNDER ARTICLE 19 



The applicant has, after having received the international search report, one opportunity to amend the claims of the 
international application. It should however be emphasized that, since ail parts of the international application (ctaims, 
description and drawings) may be amended during the international preliminary examination procedure, there is usually 
no need to file amendments of the claims under Article 1 9 except where, e.g. the applicant wants the latter to be published 
for the purposes of provisional protection or has another reason for amending the claims before international pbultcation. 
Furthermore, it should be emphasized that provisional protection is available in some States only. 



What parts of the International application may be amended? 

Under Article 1 9, only the claims may be amended. 

During the international phase, the claims may also be amended (or further amended) under Article 34 before 
the International Preliminary Examining Authority. The description and drawings may only be amended under 
Article 34 before the International Examining Authority. 

Upon entry into the national phase, all parts of the international application may be amended under Article 28 
or, where applicable, Article 41 . 



When? Within 2 months from the date of transmittal of the international search report or 1 6 months from the priority 

date, whichever time limit expires later. It should be noted, however, that the amendments will be considered 
as having been received on time if they are received by the Internationa! Bureau after the expiration of the 
applicable time limit but before the completion of the technical preparations for international publication 
(Rule 46.1). 



Where not to file the amendments? 

The amendments may only be filed with the International Bureau and not with the receiving Office or the 
International Searching Authority (Rule 46.2). 

Where a demand for international preliminary examination has been /is filed, see below. 



How? Either by cancelling one or more entire claims, by adding one or more new claims or by amending the text of 

one or more of the claims as filed. 

A replacement sheet must be submitted for each sheet of the claims which, on account of an amendment or 
amendments, differs from the sheet originally filed. 

All the claims appearing on a replacement sheet must be numbered in Arabic numerals. Where a claim is 
cancelled, no renumbering of the other claims is required. In all cases where claims are renumbered, they must 
be renumbered consecutively (Administrative Instructions, Section 205(b)). 

The amendments must be made In the language In which the International application Is to be published. 



What documents must/may accompany the amendments? 
Letter (Section 205(b)): 

The amendments must be submitted with a letter. 

.* * * 

The letter will not be published with the international application and the amended claims. It should not be 
confused with the 'Statement under Article 1 9(1)" (see below, under 'Statement under Article 19(1)"). 

The letter must be In English or French, at the choice of the applicant However, If the language of the 
International application Is English, the letter must be In English; If the language of the International application 
is French, the letter must be In French. 
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The letter must indicate the differences between the claims as filed and the claims as amended. It must, in 
particular, incScate, in connection with each claim appearing in the international application fit being understood 
that identical indications concerning several claims may be grouped) .whether 

(i) the claim is unchanged; 

(H) the claim is cancelled; 

(iii) the claim is new; 

(rv) the claim replaces one or more claims as fled; 

(v) the claim is the result of the division of a claim as filed. 



The following examples Illustrate the manner In which amendments must be explained In the 
accompanying letter: 

1 . [Where originally there were 48 claims and after amendment of some claims there are 51 J: 
"Claims 1 to 29, 31 , 32, 34, 35, 37 to 48 replaced by amended claims bearing the same numbers; 
claims 30, 33 and 36 unchanged; new claims 49 to 51 added." 

2. [Where originally there were 1 5 claims and after amendment of all claims there are 1 1): 
"Claims 1 to 1 5 replaced by amended claims 1 to 1 1 ." 

3. (Where originally there were 1 4 claims and the amendments consist in cancelling some claims and in adoSng 
new claims]: 

•Claims 1 to 6 and 1 4 unchanged; claims 7 to 1 3 cancelled; new claims 15,16 and 1 7 added." or 
"Claims 7 to 13 cancelled; new claims 1 5, 16 and 17 added; all other claims unchanged." 

4. [Where various kinds of amendments are made): 

"Claims 1-10 unchanged; claims 11 to 13, 18 and 19 cancelled, claims 14, 15 and 16 replaced by amended 
claim 1 4; claim 1 7 subdivided into amended claims 1 5, 1 6 and 1 7; new claims 20 and 21 added." 



-Statement under article 19(1) M (Rule 46.4) 

The amendments may be accompanied by a statement explaining the amendments and indicating any impact 
thai such amendments might have on the description and the drawings (which cannot be amended under 
Article 19(1)). 

The statement will be published with the international application and the amended claims. 
It must be In the language In which the International a application Is to be published. 

It must be brief, not exceeding 500 words if in English or if translated into English. 

It should not be confused with and does not replace the letter indicating the drfferenoes between the claims 
as filed and as amended. H must be filed on a separate sheet and must be identified as such by a heading, 
preferably by using the words "Statement under Article 1 9(1 ).* 

It may not contain any disparaging comments on the international search report or the relevance of citations 
contained in that report. Reference to citations, relevant to a given claim, contained in the international search 
report may be made only in connection with an amendment of that claim. 



Consequence If a demand for International preliminary examination has already been filed 

If, at the time of fifing any amendments under Article 1 9, a demand for international preliminary examination 
has already been submitted, the applicant must preferably, at the same time of filing the amendments with the 
International Bureau, also file a copy of such amendments with the International Preliminary Examining 
Authority (see Rute 62.2(a), first sentence). 



Consequence with regard to translation 61 the International application for entry Into the national phase 

The applicant's attention is drawn to the fact that, where upon entry into the national phase, a translation of the 
claims as amended under Article 19 may have to be furnished to the designated/elected Offices, instead of, or 

in addition to, the translation of the claims as filed. 
■ >* •» ' 

For further details on the requirements of each designated/elected Office, see Volume II of the PCT Applicant's 
Guide. 
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lnfj|^tlon on patent family members 
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Patent document 


TT Publication 




Patent family 
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date 
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22-07-1997 
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US 


6011973 A 
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AU 
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US 5243652 A 07-09-1993 WO 9408408 Al 14-04-1994 
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,. PATENT COOPERATION TREATY 

# PCT 



INTERNATIONAL SEARCH REPORT 

(PCT Article 18 and Rules 43 and 44) 



Applicant's or agenf s file reference 

30003034 WO 


pOR FURTHER see Notification of Transmittal of International Search Report 

(Form PCT/ISA/220) as well as, where applicable, item 5 below. 

ACTION 


International application No. 

PCT/6B 01/02291 


International filing date (day/month/year) 

23/05/2001 


(Earliest) Priority Date (day/month/year) 

24/05/2000 

U ! 


Applicant 

HEWLETT-PACKARD COMPANY et al . 



This International Search Report has been prepared by this International Searching Authority and is transmitted to the applicant 
according to Article 18. A copy is being transmitted to the International Bureau. 

This International Search Report consists of a total of 3 sheets. 

|Xj It is also accompanied by a copy of each prior art document cited in this report. 



1 . Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the 
language in which it was filed, unless otherwise indicated under this item. 

I I the international search was carried out on the basis of a translation of the international application furnished to this 
Authority (Rule 23.1(b)). 

b. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international search 
was carried out on the basis of the sequence listing : 
[ j contained in the international application in written form. 

filed together with the international application in computer readable form, 
furnished subsequently to this Authority in written form, 
furnished subsequently to this Authority in computer readble form. 



2. 
3. 



□ 
□ 
□ 
□ 

□ 



□ 
□ 



the statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

the statement that the information recorded in computer readable form is identical to the written sequence listing has been 
furnished 

Certain claims were found unsearchable (See Box I). 
Unity of invention is lacking (see Box II). 



4. With regard to the title, 

[X] the text is approved as submitted by the applicant. 

| | the text has been established by this Authority to read as follows: 



With regard to the abstract, 

[ ] the text is approved as submitted by the applicant, 
the text has been established, according to Rule 3\ 

within one month from the date of mailing of this international search report, submit comments to this Authority. 
6. The figure of the drawings to be published with the abstract is Figure No. 



[~)g the text has been established, according to Rule 38.2(b), by this Authority as it appears in Box III. The applicant may, 



|X| as suggested by the applicant. Q None of the figures. 

[ | because the applicant failed to suggest a figure. 

[^] because this figure better characterizes the invention. 
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International application No. 



INTERNATIO 




EA'RCH REPORT 




PCT/GB 01/02291 



Box III TEXT OF THE ABSTRACT (Confirmation of item 5 of the first sheet) 



In order to restrict access to content data held on a removable data 
carrier (83) or included in an electronic file, equipment (80, 90) for 
accessing this content is arranged only to be enabled upon a location 
condition being satisfied. This condition is tested for by obtaining 
current-location data representing the current location of the equipment, 
and comparing the current-location data with authorised-location data 
representing a predetermined authorised location or locality for operation 
of the equipment. The authorized location data may be stored in the 
equipment itself, in a remote system (40), or in the removable data 
carrier or received data file. 
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INTERNATIONAL SEARCH REPORT 



A. CLASSIFICATION OF^UBJECtI^^Ph 

IPC 7 606F1/00 ^mC 



Q7/38 



I International Application No 

^fcT/GB 01/02291 



According to international Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 7 G06F H04Q 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 

EPO-Internal 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category ° Citation of document, with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



US 5 922 073 A (SHIMADA KAZUTOSHI) 
13 July 1999 (1999-07-13) 

column 3, line 34 -column 4, line 44; 
figures 1,2 

column 5, line 11-46; figure 5 

column 6, line 12-31; figure 11 

column 6, line 48 -column 7, line 19; 

figure 13 

column 7, line 20-40; figures 14,15 

column 11, line 22-25 

W0 98 25433 A (ERICSSON GE MOBILE INC) 

11 June 1998 (1998-06-11) 

page 3, line 28 -page 5, line 14; figure 1 



1-3,12, 
13, 

15-17,19 
4-11 



page 8, line 6-22; figure 3 



1-4,7,9, 
15 

5,6,8, 
10,11 



-/- 



LH 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



° Special categories of cited documents : 

•A* document defining the general state of the art which is not 

considered to be of particular relevance 
*E' earlier document but published on or after the international 

filing date 

"L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

•O" document referring to an oral disclosure, use, exhibition or 
other means 

"P* document published prior to the international filing date but 
later than the priority date claimed 



■T later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

■Y' document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

'&' document member of the same patent family 



Date of the actual completion of the international search 



16 November 2001 



Date of mailing of the international search report 



23/11/2001 



Name and mailing address of the ISA 

European Patent Office, P.B. 5818 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl, 
Fax: (+31-70) 340-3016 



Authorized officer 



Moll, H-P 
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C.(Continuation) DOCUMENTS CON! 



Category * 



m 

h indicate 



D TO BE RELEVANT 



Inter 



International Application No 

T/6B 01/02291 



Citation ol document, with indication.where appropriate, of the relevant passages 



Relevant to claim No. 



WO 98 57518 A (ERICSSON GE MOBILE INC) 
17 December 1998 (1998-12-17) 

page 5, line 4 -page 6, line 13; figure 2 
page 6, line 14-30; figure 3 

US 5 243 652 A (TEARE MELVIN J ET AL) 
7 September 1993 (1993-09-07) 
column 1, line 65 -column 2, line 49; 
figure 1 

column 3, line 19-38 
abstract 



1,4-7, 
9-11,15 

2,3,8 



1,4,7,9, 

14,15 

18 
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International Application No 

CT/GB 01/02291 



Publication 
date 



Patent famr 
member(s) 



Publication 
date 



US 5922073 



13-07-1999 JP 



9190236 A 



22-07-1997 



W0 9825433 A 11-06-1998 _US^ =60-14-923 A 04-01-2000 

"735117 B2 28-06-2001 

5368298 A 29-06-1998 

9713870 A 14-03-2000 

2334859 A ,B 01-09-1999 

9825433 Al 11-06-1998 




WO 


9857518 


A 


17- 


-12- 


-1998 


AU 

BR - 

GB 

WO 


7799798 A 
9809991 A 
2342821 A 
9857518 Al 


30-12-1998 
01-08-2000 
19-04-2000 
17-12-1998 


us 


5243652 


A 


07- 


-09- 


-1993 


WO 


9408408 Al 


14-04-1994 
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# 



PCT 

REQUEST 



The undersigned requests that the present 

international application be processed 
according to the Patent Cooperation Treaty. 



EL652176463US 
For rcfl Office use only 



rc^*< 



International Application No. 



International Filing Date 



Name of receiving Office and "PCT International Application" 



(Applicant's or agent's file reference 

I (if desired) (12 characters maximum) 30003034 WO 



Box No. I TITLE OF INVENTION 
LOCATION-BASED DATA ACCESS CONTROL 



Box No. D APPLICANT 




of residence is indicated below.) 



Hewlett-Packard Company 
A Delaware Corporation 
3000 Hanover Street 
Palo Alto, California 94304 
USA 



entity, JitU official 
v. The country of the 
^residence if no State 



j j This person is also inventor. 



Telephone No. 



Facsimile No. 



Teleprinter No. 



State (tint is, country) of nationality 
US 


State (that is, country) of 

US 


residence: 




Bos No. Ill FURTHER APPLICANTS) AND/OR (FURTHER) INVENTOR(S) 





Name and address: (Family name followed by grven name; for a legal ^fy»fi lU official 
designation The address must include postal code and name oj cotmdy. The county of the 
adaressmdicctted in this Box is the applicants State(thatis t country) of residence if no State 
ofresidence is indicated below.) 

CROUCH, Simon Edwin 
17 Cranleigh Gardens 
Stoke Bishop 
Bristol BS91HD 
GB 



This person is: 

| | applicant only 

| jf] applicant and inventor 

I | inventor only (If this check-box 
L — 1 is marked, do not fill in below.) 



State (that is, country) of nationality: 
GB 



State (that is, country) of residence: 

GB 



This person is applicant 
for the purposes of: 



□ all designated T~\ all designated States except 
States I I the United States of America 



r%f \ the United States 
l#» 1 of America only 



I | the States indicated in 
| I the Supplemental Box 



| | Further applicants and/or (further) inventors are indicated on a continuation sheet. 



Box No. IV AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE 



The person identified below is hereby/has been appointed to act on behalf 
of the applicant(s) before the competent International Authorities as: 



[ y| agent | | common representative 



Name and address: (Family name folded by given name; for a legal entity, full official 
designation. The address must include postal code and name of country.; 

SQUIBBS, Robert Francis 

Hewlett-Packard Limited 

Intellectual Property Section 

Filton Road 

Stoke Gifford 

Bristol BS34 8QZ 

UK 



Telephone No. 

+44 117 312 8295 



Facsimile No. 

+44 117 312 8941 



Teleprinter No. 



□~ Address for correspondence: Mark this check-box where no agent or common representative is/has been appointed and the 
space above is used instead to indicate a special address to which correspondence should be sent. 
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See Notes to the request form 



Sheet No. 



— — — ■ ^SL 

Continuation of Box No. m FU^^R APPLICANT(S) AI* 


ID/OR (FURTHER) 

s sheet should not be in 


|^roR(S) 


If none of the following sab-boxes is used, thi 


eluded in the request 


Name and address: (Family name followed by given name; far a legal entity, fitllqffigal 
designation. The address must include postal code and name of coimtrv. The cotmtry of the 
address indicated in this Box is the applicant s State (that is. country) of residence if no State 
wM&&t&8* Vindicated below.) 
VK^KERS, Paul 

6 Edward Road West 
Clevedon 

Somerset, BS21 7DY 
GB 


This person is: 

| \ applicant onry 

|X| applicant and inventor 

| I inventor oniy nj mis enccx-om 
1 — 1 is marked, do not fill in below.) 


State (that is, country) of nationality: 
GB 


State (that is, country) of residence: 

GB 




Name and address: /Family name followed by gnren name; far a legpl entity, fM official 
designation. The address must include postal code and name of coim&y. ThecoimUyofOie 
address indicated m ilxis Box is the applicants State (that is, cotaitry) of residence if novate 
of residence is indicated below.) 

WATERS, John Deryk 
35 Priory Close 
Combe Down 
Bath BA2 5AN 
GB 


This person is: 

| | applicant only 

| jjf \ applicant and inventor 

1 1 inventor only (If this check-box 
■ 1 is marked, do not fill in below.) 


State (that is, country) of nationality: 
GB 


State (that is, country) of residence: 
GB 


Sftssia^ □&£ ignated nataEsssWiGac. ' □ssswassss 


Name and address: (Family name followed by given name; for a legpl %nhty, fidl official 
designation. Tl\e address must include postal code and name of counoy. 1 he country of me 
address indicated in this Box is tie applicant s State (that is, coimtry) of residence if no State 
of residence is indicated below.) 

THOMAS, Andrew 

936 Lundy Lane Apt. A 

Los Altos, California 94024-5940 

US 


This person is: 

| ] applicant only 

|y| applicant and inventor 

1 1 inventor only (If this check-box 
■ 1 is marked, do not fill in below.) 


State (that is, country) of nationality : 

GB 


State (tfiat is, country) of residence: 
US 




Name and address: (Family name followed by given name; for a legal entity, full official 
designation. The address must include postal code and name of country. The emmtiy of the 
address indicated in this Box is foe applicant s State (that is, country) of residence if no State 

f$B6l?fW(IC^ Edward 

1 1 Beaufort Road 

Clifton 

Bristol BS8 2JU 
GB 


This person is: 

| | applicant only 

|jf | applicant and inventor 

f ~| inventor only (If this check-box 
1 1 is marked, do not fill in below.) 


State (that is, country) of nationality: 

GB 


State (that is, country) of residence: 
GB 


This person is applicant I 1 all designated | 1 all designated States except fOT the United States 1 1 the States mdicated m 

for the p^rpo^s nf: 1— 1 Statcs 1 I th6 Unfed States of America l*J of America only | 1 the Supplemental Box 


| | Further applicants and/or (further) inventors are indicated on another continuation sheet. 
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Sheet No. 3. 



Box NaV DESIGNATION O: 



^^Bde under Rule 4.9(a) (mark the applicable check-bax^f! h 



The following designations are herebf^Rde under Rule 4.9(a) (mark the applicable check-baxe^m least one must be marked): 
Regional Patent 

HAP AfUPO Patent: GH Ghana, GM Gambia, KE Kenya, LS Lesotho, MW Malawi, SD Sudan, SL Sierra Leone, SZ Swaziland, 
TZ United Republic of Tanzania, UG Uganda, ZW Zimbabwe, and any other State which is a Contracting State of the Harare 
Protocol and of the PCT 

□ EA Eurasian Parent: AM Armenia, AZ Azerbaijan, BY Belarus, KG Kyrgyzstan, KZ Kazakhstan, MD Republic of Moldova, 

RURussian Federation, TJ Tajikistan, TM Turkmenistan, and any other State which is a Contracting State of the Eurasian Patent 
Convention and of the PCT 

El EP European Patent: AT Austria, BE Belgium, CH and LI Switzerland and Liechtenstein CY Cyprus DE Germany, 
DKDenmark, ES Spain, FI Finland, FR France, GB United Kingdom, GR Greece, IE Inland, IT ItaW LU Luxembourg 
i^Jifdnaco, Netherlands, PT Portugal, SE Sweden, and any other State which is a Contracting State of the European Patent 
Convention and of trie PCT 

□ OA OAPI Patent: BF Burkina Faso, BJ Benin, CF Central African Republic, CG Congo, CI 9^ d JI vo j^jF2? CajnCT J >on - 

GA Gabon, GN Guinea, GW Guinea-Bissau, ML Mali, MRMauritama, NE Niger, SN Senegal, TD Chad, TG Togo, and anv 
other State which is a member State of OAPI and a Contracting State of the PCT (if other kind of protection or treatment desired, 

specify on dotted line) 

National Parent (if other kind of protection or treatment desired, specify on dotted line): 

□ AE United Arab Emirates □ LR Liberia 

□ AL Albania □ LS Lesotho 

□ AM Armenia □ LT Lithuania 

□ AT Austria □ LU Luxembourg 

□ AU Australia □ LV Latvia 

Q AZ Azerbaijan D MA Morocco 

□ BA Bosnia and Herzegovina □ MD Republic of Moldova 

D BB Barbados D MG Madagascar 
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Field of the Invention 

The present invention relates to location-based control of the access to data stored on a 
removable data carrier or contained in a received data file. 

Background of the Invention 

Communication infrastructures suitable for mobile users (in particular, though not 
exclusively, cellular radio infrastructures) have now become widely adopted. Whilst the 
primary driver has been mobile telephony, the desire to implement mobile data-based 
services over these infrastructures, has led to the rapid development of data-capable bearer 
services across such infrastructures. This has opened up the possibility of many Internet- 
based services being available to mobile users. 

By way of example, Figure 1 shows one form of known communication infrastructure for 
mobile users providing both telephony and data-bearer services. In this example, a mobile 
entity 20, provided with a radio subsystem 22 and a phone subsystem 23, communicates 
with the fixed infrastructure of GSM PLMN (Public Land Mobile Network) 10 to provide 
basic voice telephony services. In addition, the mobile entity 20 includes a data-handling 
subsystem 25 mterworiring, via data interface 24, with the radio subsystem 22 for the 
transmission and reception of data over a data-capable bearer service provided by the 
PLMN; the data-capable bearer service enables the mobile entity 20 to communicate with a 
service system 40 connected to the public Internet 39. The data handling subsystem 25 
supports an operating environment 26 in which applications run, the operating environment 
including an appropriate communications stack. 

More particularly, the fixed infrastructure 10 of the GSM PLMN comprises one or more 
Base Station Subsystems (BSS) 1 1 and aNetwork and Switching Subsystem NSS 12. Each 
BSS 11 comprises a Base Station Controller (BSC) 14 controlling multiple Base 
Transceiver Stations (BTS) 13 each associated with a respective "cell" of the radio 
network. When active, the radio subsystem 22 of the mobile entity 20 communicates via a 
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radio link with the BTS 13 of the cell in which the mobile entity is currently located. As 
regards the NSS 12, this comprises one or more Mobile Switching Centers (MSC) 15 
together with other elements such as Visitor Location Registers 32 and Home Location 
Register 32. 

5 

When the mobile entity 20 is used to make a normal telephone call, a traffic circuit for 
carrying digitised voice is set up through the relevant BSS 1 1 to the NSS 12 which is then 
responsible for routing the call to the target phone (whether in the same PLMN or in 
another network). 

10 

With respect to data transmission to/from the mobile entity 20, in the present example 
three different data-capable bearer services are depicted though other possibilities exist A 
first data-capable bearer service is available in the form of a Oircuit Switched Data (CSD) 
service; in this case a full traffic circuit is used for carrying data and Che MSC 32 routes the 

IS circuit to an interWorking Function IWF 34 the precise nature ofwiiich depends on what is 
connected to the other side of the IWF. Thus, IWF could be configured to provide direct 
access to the public Internet 39 (that is, provide functionality similar to an MP- Internet 
Access Provider IAP). Alternatively, the IWF could simply be a modem connecting to a 
PSTN; in this case, Internet access can be achieved by connection across the PSTN to a 

20 standard IAP. 

A second, low bandwidth, data-capable bearer service is available through use of the Short 
Message Service that passes data carried in signalling channel slots to an SMS unit which 
can be arranged to provide connectivity to the public Internet 39. 

25 

A third data-capable bearer service is provided in the form of GPRS (General Packet Radio 
S ervice which enables IP (or XJ25) packet data to be passed from the data handling system 
of the mobile entity 20, via the data interface 24, radio subsystem 21 and relevant BSS 1 1 , 
to a GPRS network 1 7 of the PLMN 10 (and vice versa). The GPRS network 17 includes a 
30 SGSN (Serving GPRS Support Node) 18 interfacing BSC 14 with the network 17, and a 
GGSN (Gateway GPRS Support Node) interfacing the network 17 with an external 
network (in this example, the public Internet 39). Full details of GPRS can be found in the 
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ETSI (European Telecommunications Standards Institute) GSM 03.60 specification. Using 
GPRS, the mobile entity 20 can exchange packet data via the BSS 1 1 and GPRS network 
17 with entities connected to the public Internet 39. 

5 The data connection between the PLMN 10 and the Internet 39 will generally be through a 
firewall 35 with proxy and/or gateway functionality. 

Different data-capable bearer services to those described above may be provided, the 
described services being simply examples of what is possible. 

10 

la Figure 1 , a service system 40 is shown connected to the Internet 40, this service system 
being accessible to the OS/application 26 running in the mobile entity by use of any of the 
data-capable bearer services described above. The data-capable bearer services could 
equally provide access to a service system that is within the domain of the PLMN operator 
15 oris connected to another public or private data network. 

With regard to the OS/application software 26 running in the data handling subsystem 25 
of the mobile entity 20, this could, for example, be a WAP application running on top of a 
WAP stack where "WAP" is the Wireless Application Protocol standard. Details of WAP 
20 can be found, for example, in the book "Official Wireless Application Protocol" Wireless 
Application Protocol Forum, Ltd published 1999 Wiley Computer Publishing. Where the 
OS/application software is WAP compliant, the firewall will generally also serve as a 
WAP proxy and gateway. Of course, OS/application 26 can comprise other functionality 
(for example, an e-mail client) instead of, or additional to, the WAP functionality. 

25 

The mobile entity 20 may take many different forms. For example, it could be two separate 
units such as a mobile phone (providing elements 22-24) and a mobile PC (data-handling 
system 25) coupled by an appropriate link (wireline, infrared or even short range radio 
system such as Bluetooth). Alternatively, mobile entity 20 could be a single unit such as a 
30 mobile phone with WAP functionality. Of course, if only data transmission/reception is 
required (and not voice), the phone functionality 24 can be omitted; an example of this is a 
PDA with built-in GSM data-capable functionality whilst another example is a digital 
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camera (the data-handling subsystem) also with built-in GSM data-capable functionality 
enabling the upload of digital images from the camera to a storage server. 

Whilst the above description has been given with reference to a PLMN based on GSM 
5 technology, it will be appreciated that many other cellular radio technologies exist and can 
typically provide the same type of functionality as described for the GSM PLMN 10. 

Recently, much interest has been shown in "location-based", "locaticm-dfcpendent", or 
10 "location-aware" services for mobile users, these being services that take account of fee 
current location of the user (or other mobile party). The most basic form of this service is 
the emergency location service whereby a user in trouble can press a panic button on their 



appended. Another well known location-based service is the provision of traffic and route- 
1 5 guiding information to vehicle drivers based on their current position. A further known 
service is a "yellow pages 9 * service where a user can find out about amenities (shops, 
restaurants, theatres, etc^ local to their ament 

will be used herein to refer genetically to these and similar services where a location 
dependency exists. 



Location-aware services all require user location as an input parameter. A number of 
methods already exist fordeteimming the location of a mobile user as represented by an 
associated mobile equipment Example location-detemnttMg methods will now be 
described with reference to Figures 2 to 5. As will be seen, some of these methods result in 
25 the user knowing their location thereby enabling them to transmit it to a location-aware 
service they are interested in receiving, Whilst other of the methods result in the user's 
location becoming known to a network entity from where it can be supplied directly to a 
location-aware service (generally only with the consent of the user concerned). It is to be 
understood that additional methods to those illustrated in Figures 2 to 5 exist 



As well as location determination, Figures 2 to 5 also illustrate how the mobile entity 
requests a location-aware service provided by service system 40. In the present examples, 




^assistance message with their location data 



20 



30 
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the request is depicted as being passed over a cellular mobile network (PLMN 10) to the 
service system 40. The PLMN is, for example, similar to that depicted in Figure 1 with the 
service request being made using a data-capable bearer service of the PLMN. The service 
system 40 may be part of the PLMN itself or connected to it through a data network such as 
5 the public Internet It should, however, be understood that infrastructure other than a 
cellular network may alternatively be used for making the service request 

The location-determining method illustrated in Figure 2 uses an inertial positioning system 
50 provided in the mobile entity 20A, this system 50 determining the displacement of the 

10 mobile entity from an initial reference position. When the mobile entity 20A wishes to 
invoke a location-aware service, it passes its current position to the corresponding service 
system 40 along with the service request 51. This approach avoids the need for an 
infrastructure to provide an external frame of reference; however, cost, size and long-term 
accuracy concerns currently make such systems unattractive for incorporation into mass- 

15 market handheld devices. 

Figure 3 shows two different location-determining methods both involving the use oflocal, 
fixed-position, beacons here shown as infra-red beacons BRD though other technologies, 
such as short-range radio systems (in particular, 'Bluetooth" systems) may equally be used. 

20 The right hand half of Figure 3 show a number of independent beacons 55 that continually 
transmit their individual locations. Mobile entity 20B is arranged to pick up the 
transmissions from a beacon when sufficiently close, thereby establishing its position to the 
accuracy of its range of reception. This location data can then be appended to a request 59 
made by the mobile entity 20B to a location-aware service available from service system 

25 40. A variation on this arrangement is for the beacons 55 to transmit information which 
whilst not directly location data, can be used to look up such data (for example, the data 
may be the Internet home page URL of a store housing the beacon 55 concerned, this home 
page giving the store location - or at least identity, thereby enabling look-up of location in 
a directory service). 

30 

In the left-hand half of Figure 3, the JRB beacons 54 are all connected to a network that 
connects to a location server 57. The beacons 54 transmit a presence signal and when 
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mobile entity 20C is sufficiently close to a beacon to pick op the presence signal, it 
responds by sending its identity to the beacon. (Thus, in this embodiment, both the beacons 
5.4 and mobile entity 20C can both receive and transmit IR signals whereas beacons 55 
only transmit, and mobile entity 20B only receives, IR signals). XiJpon a beacon 54 
5 receiving a mobile entity's identity, it sends out a message over network 56 to location 
server 57, this message Hnkmg the identity of the mobile entity 20C to the location of the 
relevant beacon 54. Now when the mobile entity wishes to invoke a location-aware service 
provided by the service system 40, since it does not know its location it must include it's 
identity in the service request 58 and rery on the service system 40 to look up the current 

10 location of the mobile entity in the location server 57. Because location data is personal 
and potentially very sensitive, the location server 57 will generally only supply location 
data to the service system 40 after the latterhasproduced^n authorizing token supplied by 
the mobile entity 20B in request 58. It- will be appreciated that whilst service system 40 is 
depicted asJhandling service requests form both types of -mobile entity 20 B and 20C, 

15 separate systems 40 may be provided for each mobile type (this is nkewisetrue in respect 
of the service systems depicted in Figures 4 and 5). 

Y * 

Figure 4 depicts several forms of GPS location-determining system. On the left-hand side 
ofFigure 4, a mobile entity 20D is provided with a standard GPS module and is capable of 
20 determining the location of entity 20D by picking up signals from satellites 60. The entity 
20D can then supply mis location when requesting, in request 61 , a location-aware service 
from service system 40. 

The right-hand side ofFigure 4 depicts, in relation to mobile entity 20E, two ways in which 
25 assistance can be provided to the entity in deriving location from GPS satellites. Fnstly, the 
PLMN 10 can be provided with fixed GPS receivers 62 that each continuously keep track 
of tile satellites 60 visible from the receiver and pass information in messages 63 to local 
mobile entities 20E as to where to look for these satellites and estimated signal arrival 
times; this enables the mobile entities 20E to substantially reduce acquisition time for the 
30 satellites and increase accuracy of measurement (see "Geolocation Technology Pinpoints 
Wireless 911 calls within 15 Feet" l-Jul-99 Lucent Technologies, Bell Labs). Secondly, as 
an alternative enhancement, the processing load on the mobile entity 20E can be reduced 
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and encoded jitter removed using the services of network entity 64 (in or accessible 
through PLMN 10). 

One the mobile unit 20E has determined its location, it can pass this information in request 
5 65 when invoking a location-aware service provided by service system 40. 

Figure 5 depicts two general approaches to location determination from signals present in 
a cellular radio infrastructure. First, it can be noted that in general both the mobile entity 
and the network will know the identity of the cell in which the mobile entity currently 

10 resides, this information being provided as part of the normal operation of the system. 
(Although in a system such as GSM, the network may only store current location to a 
resolution of a collection of cells known as a 1 'location area", the actual current cell ID will 
generally be derivable from monitoring the signals exchanged between the BSC 14 and the 
mobile entity). Beyond current basic cell ID, it is possible to get a more accurate fix by 

15 measuring timing and/or directional parameters between the mobile entity and multiple 
BTSs 1 3, these measurement being done either in the network or the mobile entity (see, for 
example, International Application WO 99/04582 that describes various techniques for 
effecting location determination in the mobile and WO 99/551 14 that describes location 
determination by the mobile network in response to requests made by location-aware 

20 applications to a mobile location center - server- of the mobile network). 

The left-hand half ofFigure 5 depicts the case of location determination being done in the 
mobile entity 20F by, for example, making Observed Time Difference (OTD) 
measurements with respect to signals from BTSs 13 and calculating location using a 

25 knowledge of BTS locations. The location data is subsequently appended to a service 
request 66 sent to service system 40 in respect of a location-aware service. The calculation 
load on mobile entity 20F could be reduced and the need for the mobile to know BTS 
locations avoided, by having a network entity do some of the work. The right-hand half of 
Figure 5 depicts the case of location determination being done in the network, for example, 

30 by making Timing Advance measurements for three BTSs 13 and using these 
measurements to derive location (this derivation typically being done in a unit associated 
with BSC 14). The resultant location data is passed to a location server 67 from where it 
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can be made available to authorised services- As for the mobile entity 2GC in Figure 3, 
when the mobile entity 20G of Figure 5 wishes to invoke a location-aware service available 
on service system 50, it sends a request 69 including an authorisation token and its ID 
(possible embedded in the token) to the service system 40; the service system then uses the 
5 authorisation token to obtain the current location of the mobile entity 20G from the 
location server 67. 

In the above examples, where the mobile entity is responsible for detennimng location, this 
will generally be done only at the time the location-aware service is being requested 
10 Where location determination is done by the infrastructure, it may be practical for systems 

ofEigure 2 where a number of infrared beacons 54will cover a generaUy fairly limited) for 
location-data collection to be done whenever a mobile entity is newly detected by an IRB, 
this data being passed to location setfvfcr 57 who© it is cached for isso whea needed. 

15 However, for systems covering large areas with potentially a large number of mobile 
entities, such as the Figure 5 system, it is more efficient to effect location detenbination as 
and when there is a perceived need to do so; thus, location determination may be triggered 
by the location server 67 in response to the service request 68 from the mobile earthy 20G 
or the mobile entity may, immediately prior to making request 68, directly trigger BSC 14 

20 to effect a location determination and feed the result to location server 67. 



Further with respect to the location servers 57, 67, whilst access authorisation by location- 
aware services has been described as being through authorisation tokens supplied by the 
mobile entities concerned, other authorisation techniques can be used. In particular, a 
25 location-aware service can be prior authorised with the location server in respect of 
particular mobile entities; in this case, each request from the service ffor location data needs 
only to establish that the request comes from a service authorised in respect of tire mobile 
entity for which the location data is requested. 

30 As ahead/ indicated, Figures 2 to 5 depict only some examples of how location 
determination can be achieved, there being many other possible combinations of 
technology used and where in the system the location-determining measurements are made 
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and location is calculated, stored and used .Thus, the location-aware service may reside in 
the mobile entity whose location is of interest, in a network-connected service system 40 
(as illustrated), or even in another mobile entity. Furthermore, whilst in the examples of 
Figures 2 to 5, invocation of the location-aware service has been by the mobile entity 
5 whose location is of interest, the nature of the location-aware service may be such that it is 
invoked by another party (including, potentially, the PLMN itself). In this case, unless the 
invoking party already knows the location of he mobile entity and can pass this information 
to the location-aware service (which may, for example, may be situation where the PLMN 
invokes the service), it is the location-aware service that is responsible for obtaining the 

10 required location data, either by sending a request to the mobile entity itself or by 
requesting the data from a location server. Unless the location server already has the 
needed information in cache, the server proceeds to obtain the data either by interrogating 
the mobile entity or by triggering infrastructure dements to locate the mobile. For example, 
where a location-aware service running on service system 40 in Figure 5 needs to find the 

15 location ofmobile 20G, it could be arranged to do so by requesting this information from 
location server 67 which in turn requests the location data from the relevant BSC, the latter 
then making the necessary determination using measurements from BTSs 13. 

Although in the foregoing, the provision of location data through the mobile radio 
20 infrastructure to the mobile entity has been treated as a service effected over a data-capable 
bearer channel, it may be expected that as location data becomes considered a basic 
element ofmobile radio infrastructure services, provision will be made in the relevant 
mobile radio standards for location data to be passed over a signalling channel to the 
mobile entity. 

25 

It is an object of the present invention to provide an improved way of restricting access to 
electronic content data by using location information. 

Summary of the Invention 

30 According to one aspect of the present invention, there is provided a control method for an 
item of equipment that is provided with particular functionality for using target data on a 
removable data carrier or in a received data file, the method involving enabling said 
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particular functionality upon at least a first location condition being satisfied, this condition 
being tested for by: 

(a) obtaining current-location data representing the current location of the equipment; 

(b) comparing the current-location data with authorised-location data that is associated 
5 with the target data and represents a predetermined authorised location or Ideality for 

operation of said particular functionality of the equipment in relation to the 
associated target data; and 

(c) generating a location-match signal upon the comparison step (b) indicatmg that the 
equipment is currently located in said authorised location or locality. 

0 

According to a second aspect of the present invention, there is provided equipment 

said particular functionality upon at least a first location condition being satisfied, the 
S control sub-system comprising, for testing this condition,: . 

- a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a read arrangement for reading from the removable data carrier or received data file 
authorized-location data representing a predetermined authorized location or locality 
9 for operation of said particular functionality of the equipment; and 

a comparison arrangement for comparing the current-location data with the 
authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorised 
location or locality. 

5 

According to a third aspect of the present invention, there is provided equipment including 
particular functionality for using target data provided on a removable data carrier or in a 
received data file, the equipment further including a control sub-system for enabling said 
particular functionality upon at least a first location condition being satisfied, the control 
) sub-system comprising, for testing this condition,: 

a location discovery arrangement for obtaining current-location data representing the 

current location of the equipment; 
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a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operation of said 
particular functionality of the equipment 

a read arrangement for reading from the removable data carrier or received data file 
5 identity information relating to the target data; 

a data retrieval arrangement for using the identity information to access the 
authorized-location data held in said store in respect of the identity data matching the 
identity information; and 

a comparison arrangement for comparing the current-location data with the accessed 
10 authorized-location data whereby to generate a location-match signal upon this 

comparison indicating that the equipment is currently located in said authorised 
location or locality. 

According to a fourth aspect of the present invention, there is provided a service system for 
15 determining when an item of equipment is located at a. location where particular 
functionality of the equipment is authorised for use in accessing target data provided on a 
removable data carrier or in a received data file, the service system comprising: 

a communications sub-system for communicating with said equipment both to 
receive therefrom identity information concerning said target data, and to return to 
20 the equipment enablement signals for enabling said particular functionality for 

accessing the target data; 

a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a store for storing in association with identity data, authorized-location data 
25 representing a predetermined authorized location or locality for operation of said 

particular functionality of the equipment; 

a data retrieval arrangement for using identity information received from the 
equipment via the communication sub-system to access the authorized-location data 
held in said store in respect of identity data matches the identity information; and 
30 - a comparison arrangement for comparing the current-location data with the accessed 
authorized-location data whereby to generate a location-match signal upon this 
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comparison indicating that the equipment is currently located in said authorised 
location or locality. 

According to a fifth aspect of the present invention, there is provided a removable data 
5 earner on which is registered target content data and authorised-location data, the latter 
representing a predetermined authorized location or locality where access to the target data 
is permitted. 



10 Brief Description of the Drawings 

A method and service-system, both embodying the present invention, for location-based 
equipment control, will now be described, by way of non^limiting example, with reference 
to the accompanying diagrammatic drawings, in which: 

. Figure 1 is a diagram 6f a known coj^tnrications infrastructure usable for 
1 5 transferring voice and data to/Horn* a mobile entity; 

• Figure 2 is a diagram illustrating one known approach to defennining the location of 

a mobile entity, this approach involving providing the entity with an inertial 
positioning system; 

. Figure 3 is a diagram illustrating another known approach to determining the 
20 location of a mobile entity, this approach being based on proximity of the 

mobile entity to fixed-position local beacons; 

• Figure 4 is a diagram illustrating a further known approach to determining the 

location of a mobile entity, this approach involving the use of GPS 
satellites; 

25 . Figure 5 is a diagram illustrating a still further approach to determining the location 
of a mobile entity, this approach being based on the use of signals present 
in a cellular mobile radio communications system; 

• Figure 6 is a diagram illustrating a first embodiment of the invention , this 

embodiment involving a removable data carrier; and 
30 . Figure 7 is a diagram illustrating a second embodiment of the invention, this 
embodiment also involving a removable data carrier. 
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Best Mode of Carrying Out the Invention 

In certain situations it can be desirable to be able to restrict access to certain information 
media and data files such that they could only be read at particular locations (inside a 
secure building, for example). As will be described below, embodiments of the present 
5 invention provide ways of achieving this objective by deriving the location of the 
equipment used to access the information media / data files concerned and comparing this 
location with predetermined authorized-locations data that specifies where the equipment, 
or where the media/file, are authorized for use. Where this comparison determines that the 
equipment (or at least one function of the equipment) can legitimately be used, appropriate 
10 enablement signals are generated to enable the corresponding equipment functions. 

Current location data about the equipment may be derived by the equipment itself or by a 
communications infrastructure (e.g. cellular radio network) with which the equipment 
communicates. As regards the authorised-locations data, this can be: 
15 - held in the equipment (and potentially modifiable under password control); 

embedded in "content" (removable information media, received data file) which the 
equipment is intended to process in some way at authorised locations; 
held at a remote server to which the equipment must refer, in this case, a reference 
identifying what authorised-locations data is relevant must be passed to the server 
20 (this reference could identify the equipment, a particular user, or the "content" 

concerned). The identifying reference may be provided from the equipment itself or 
from the communications infrastructure if known to the latter (which may well be die 
case if the reference concerns the identity of the equipment or user). 
The comparison of equipment current location and the authorized location data can be 
25 effected at the equipment itself or at a remote authorization server, in this latter case, the 
server returns an authorization code only when the equipment location corresponds to the 
authorized location data. 

Conditions additional to location can also be set on equipment enablement. 

30 

Figure 6 illustrates a first embodiment of the invention in which a mobile device 80, such 
as a mobile PC, is only enabled to display a video disc 83 at an authorized location that is 
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stored on the disc itself. The mobile device 80 includes playback functionality 81 that 
requires the presence of an enable signal on line 82 for it to display the contents of the disc. 
Playback functionality includes a Ideation reader 84 operative (regardless of whether or not 
the enable signal is present) to read the aaithorized-locadtion data off the disc 83 and pass it 
5 to a comparison unit 86 to which is also fed the current location of the device 20 as 
provided by a GPS system 85. Comparison unit 82 only generates the enable signal when 
the device current location corresponds to the authorized location data on the disc 83. 
Preferably, the video disc is encoded in a format that is only interpretable by devices 
having the location checking functionality built in. lie relevant parts of device 80 are 
10 preferably of tamper-proof construction so as to prevent an end-user circumventing the 
location condition placed on access to the target information on the video disc. 

Figure 7 illustrates another embodiment where a mobile device 90, such as amobile PC, is 
only enabled to decrypt and display a video disc 83 at a location specified m a database 92 

15 associated with an authorisation server 40. The mobile device is equipped with cellular 
radio functionality enabling it to communicate with the server 40 using a data-capable 
bearer service ofPIMN 10. The identity ofthe contents of the video disc 83 is read from 
the disc by the mobile device 90 and supplied to the authorisation server 40. Control 
process 91 obtains the current location of the mobile device from location server 67 of 

20 PLMN 10 and looks up the authorized location of playback ofthe contents ofthe video 
disc 83 by using the disc-contents identity to reference into database 92. Comparison 
process 93 compares the current device location with the authorized location. If the server 
finds that an authorized read location for the video-disc contents matches the current 
location of the mobile device, process 94 returns an enablement code (which may be a 

25 decryption key for the video disc contents, this key being held in database 92). 
Authorization may additionally be made dependent on the identity of the mobile PC or its 
user. For security reasons, the enablement code is preferably returned encrypted with a 
public key associated with die mobile device/user. During playing ofthe video disc, the 
content identity is arranged to be repeatedly read by device 90 so as to prevent the viewing 

30 of a different disc with different content under the authorisation granted for the original 
disc (this would only be possible if the discs were not encrypted or were encrypted with the 
same key). 
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Instead of a video disc 83, the embodiments of Figures 6 and 7 could equally be used in 
- respect of other forms of removable data carriers or received data files (received, for 

example, via an internet or intranet connection to the equipment). Furthermore, the 
5 equipment used to access the information media / data file need not be portable equipment 
and could, for example, be normal desktop office or home equipment 

It will be appreciated that many different embodiments are possible in view of the variety 
of ways the location information and authorized-locations data can be derived. 
10 Furthermore, the desired level of security may determine the details of any particular 
implementation (in particular, various authentication techniques may need to be used to 
avoid location information being falsified). 

It may be noted that it is possible to store the authorized-location data for the information 
15 media / data file in the equipment to be used for access the latter. This could be useful, for 
example, in restricting access to classified encrypted electronic documents of a company in 
dependence on the equipment location and classification level of a current document; to 
this end, the equipment is pre-programmed by the company with authorized location data 
(corresponding, for example, to company sites and locations within those sites) to be 
20 applied to particular document classification levels (the classification level of a document 
being stored with that document on the information media/file concerned and being read by 
the equipment). Thus, if the current location of the equipment is such that it is authorized 
to read documents of a classification level at least as high as that of a current document, 
then the equipment is enabled to use an appropriate decryption key (for example, stored in 
25 the equipment) for reading that electronic document Jh this context, the classification level 
of the electronic document constitutes its identity. 

Whilst in the described embodiments the location data has been expressed in terms of 
absolute location data, it would be possible also to use relative location data and also 
30 semantic location data (for example, the authorised locations could be specified as all 
premises of a particular company, in which case there would need to be a translation of this 
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semantic location data to real world locations through, for example, a database that 
specifies the absolute locations of the company's current premises). 

In the Figure 7 embodiment, communication with the authorisation server 40 is described 
5 as being via a cellular radio connection. It would, of course, also be possible to used a 
wired connection (such as a LAN connecting to the Internet) with fee current location of 
the device concerned being obtained by any appropriate manner. 

Where a piece of equipment has multiple functional units, different functions of the 
10 equipment can be locationally limited to differing extents. 

It is to be understood that the present invention is not limited to the specifics of the mobile 
entity and communication infrastructure and location discovery means shown in Figures 6 
and 7, and the gmeralisatioiis discussed above in relation to Figures 1 to 5 regarding these 
IS elements apply equally to the operational context of the described embodiments of the 
invention. Furthermore, whilst the service system 40 is shown in Figure 7 as connected to 
the public Internet, it could be connected to a GPRS network 1 7 of PLMN 10 or to another 
fixed data network interfacing directly or indirectly with the network 17 or network 39. 
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CLAIMS 

1. A control method for an item of equipment that is provided with particular functionality 
5 for using target data on a removable data carrier or in a received data file, the method 

involving enabling said particular functionality upon at least a first location condition being 
satisfied, this condition being tested for by: 

(a) obtaining current-location data representing the current location of the equipment; 

(b) comparing the current-location data with authorised-location data that is associated 
1 0 with the target data and represents a predetermined authorised location or locality for 

operation of said particular functionality of the equipment in relation to the 
associated target data; and 

(c) generating a location-match signal upon the comparison step (b) indicating that the 
equipment is currently located in said authorised location or locality, 

15 

2. A method according to claim 1, wherein the authorized-location data is stored on said 
removable data carrier or in said received data file, the equipment reading said information 

■ carrier to obtain said authorized-location data. 

20 3. A method according to claim 2, wherein steps (b) and (c) are carried out at the 
equipment 

4. A method according to claim 2, wherein the equipment has a communication sub- 
system enabling it to communicate with a remote service system via a communications 
25 infrastructure, steps (b) and (c) being carried out at the remote service system and this 
system, following the generation of a location-match signal in step (c), passing this signal 
or one produced after testing any further conditions set to be tested at the remote system, to 
the equipment via said communications infrastructure. 

30 5. A method according to claim 4, wherein the current location data is obtained by the 
service system from a location discovery system separate from the equipment 
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6. A method according to claim 4, wherein the communications infrastructure is a cellular 
radio infrastructure and the communication sub-system of the equipment is a cellular radio 
device, the infrastructure having a location discovery system for determining the location 
5 of the cellular radio device and thus of the equipment, and the remote service system 
obtaining said current-location data from the location discovery system either directly or 
via the equipment 

I. A method according to claim 1, wherein the equipment has a conununication sub- 
10 system enabling it to communicate with a remote service system via a communications 

infrastructure, the remote service system storing authorised-location data against identity 
information, and the equipment reading said data carrier or file to derive identity 
information which it passes to the service system where it is used to access the 
corresponding authorized-location data for use in step (b). 

15 

8. A method according to claim 7, wherein the authorized location data is returned to the 
equipment and steps (b) and (c) are carried out at the equipment 

9* A method according to claim 7, wherein steps (b) and (c) are carried out at the service 
20 system and this system, following the generation of a location-match signal in step (c), 
passing this signal or one produced after testing any further conditions set to be tested at 
the service system, to the equipment via said communications infrastructure. 

10. A method according to claim 9, wherein the current location data is obtained by the 
25 service system from a separate location discovery system separate from the equipment 

II. A method according to claim 9, wherein the communications infrastructure is a 
cellular radio infrastructure and the communication sub-system of the equipment is a 
cellular radio device, the infrastructure having a location discovery system for determining 

30 the location of the cellular radio device and thus of the equipment, and the remote service 
system obtaining said current-location data from the location discovery system either 
directly or via the equipment 

4 
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12. A method according to claim 1, wherein items of authorized-location data are stored 
in the equipment in association with identity data, the equipment reading said data carrier 
or file to derive identity information which it then correlates with said identity data to 

5 determine the authorized-location data item applicable to the data carrier or file, steps (b) 
and (c) then being carried out at the equipment using this item of authorized-location data 

13. A method according to claim 12, wherein said identity information identifies a 
classification of the target data. 

14. A method according to claim 1 , wherein the target data is encrypted and the enabling 
of said particular functionality involves providing a decryption key to the functionality to 
enable it to decrypt said target data. 

15. Equipment including particular functionality for using target data provided on a 
removable data carrier or in a received data file, the equipment further including a control 
sub-system for enabling said particular functionality upon at least a first location condition 
being satisfied, the control sub-system comprising, for testing this condition,: 

a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a read arrangement for reading from the removable data carrier or received data file 
authorized-location data representing a predetermined authorised location or locality 
for operation of said particular functionality of the equipment; and 
a comparison arrangement for comparing the current-location data with the 
authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorised 
location or locality. 

16. Equipment including particular functionality for using target data provided on a 
30 removable data carrier or in a received data file, the equipment further including a control 

sub-system for enabling said particular functionality upon at least a first location condition 
being satisfied, the control sub-system comprising, for testing this condition,: 
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a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operation of said 
5 particular functionality of the equipment 

a read arrangement for reading from the removable data carrier or received data file 
identity information relating to the target data; 

a data retrieval arrangement for using the identity information to access the 
authorized-location data held in said store in respect of the identity data matching the 
0 , identity information; and 

a comparison arrangement for comparing the current-location data with the accessed 
authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorised 
location or locality. 

5 

17. A service system for determining when an item of equipment is located at a location 
where particular functionality of the equipment is authorised for use m accessing target 
data provided on a removable data carrier or in a received data file, the service system 
comprising: 

a communications sub-system for communicating with said equipment both to 
receive therefrom identity information concerning said target data, and to return to 
the equipment enablement signals for enabling said particular functionality for 
accessing? the target data; 

a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operation of said 
particular functionality of the equipment; 

a data retrieval arrangement for using identity information received from the 
equipment via the communication sub-system to access the authorized-location data 
held in said store in respect of identity data matches the identity information; and 
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a comparison arrangement for comparing the current-location data with the accessed 
authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorised 
location or locality. 

18- A service system according to claim 1 6, wherein the system, following the generation 
of a location-match signal and successful testing for any further conditions set to be tested 
at the system, is operative to return to the equipment a decryption key for decrypting said 
target data. 

19. A removable data carrier on which is registered target content data and authorised- 
location data, the latter representing a predetermined authorized location or locality where 
access to the target data is permitted. 
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Location-Based Data Access Control 



Field of the Invention 

5 The present invention relates to location-based control of the access to data stored on a 
removable data carrier or contained in a received data file. 

Background of the Invention 

Communication infrastructures suitable for mobile users (in particular, though not 
10 exclusively, cellular radio infrastructures) have now become widely adopted. Whilst the 
primary driver has been mobile telephony, the desire to implement mobile data-based 
services over these infrastructures, has led to the rapid development of data-capable bearer 
services across such infrastructures. This has opened up the possibility of many Internet- 
based services being available to mobile users. 

15 

By way of example, Figure 1 shows one form of known communication infrastructure for 
mobile users providing both telephony and data-bearer services. In this example, a mobile 
entity 20, provided with a radio subsystem 22 and a phone subsystem 23, communicates 
with the fixed infrastructure of GSM PLMN (Public Land Mobile Network) 10 to provide 

20 basic voice telephony services. In addition, the mobile entity 20 includes a data-handling 
subsystem 25 interworking, via data interface 24, with the radio subsystem 22 for the 
transmission and reception of data over a data-capable bearer service provided by the 
PLMN; the data-capable bearer service enables the mobile entity 20 to communicate with a 
service system 40 connected to the public Internet 39. The data handling subsystem 25 

25 supports an operating environment 26 in which applications run, the operating environment 
including an appropriate communications stack. 

More particularly, the fixed infrastructure 10 of the GSM PLMN comprises one or more 
Base Station Subsystems (BSS) 1 1 and aNetwork and Switching Subsystem NSS 12. Each 
30 BSS 11 comprises a Base Station Controller (BSC) 14 controlling multiple Base 
Transceiver Stations (BTS) 13 each associated with a respective "cell" of the radio 
network. When active, the radio subsystem 22 of the mobile entity 20 communicates via a 
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radio link with the BTS 13 of the cell in which the mobile entity is currently located. As 
regards the NSS 12, this comprises one or more Mobile Switching Centers (MSC) 15 
together with other elements such as Visitor Location Registers 32 and Home Location 
Register 32. 

5 

When the mobile entity 20 is used to make a normal telephone call, a traffic circuit for 
carrying digitised voice is set up through the relevant BSS 1 1 to the NSS 12 which is then 
responsible for routing the call to the target phone (whether in the same PLMN or in 
another network). 

10 

With respect to data transmission to/from the mobile entity 20, in the present example 
three different data-capable bearer services are depicted though other possibilities exist A 
first data-capable bearer service is available in the form of a Circuit Switched Data (CSD) 
service; in this case a full traffic circuit is used for carrying data and the MSC 32 routes the 

1 5 circuit to an LaterWorking Function IWF 34 the precise nature of which depends on what is 
connected to the other side of the IWF. Thus, IWF could be configured to provide direct 
access to the public Internet 39 (that is, provide functionality similar to an IAP - Internet 
Access Provider IAP). Alternatively, the IWF could simply be a modem connecting to a 
PSTN; in this case, Internet access can be achieved by connection across the PSTN to a 

20 standard IAP. 
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A second, low bandwidth, data-capable bearer service is available through use of the Short 
Message Service that passes data carried in signalling channel slots to an SMS unit which 
can be arranged to provide connectivity to the public Internet 39. 

25 

A third data-capable bearer service is provided in the form of GPRS (General Packet Radio 
Service which enables IP (or X.25) packet data to be passed from the data handling system 
of the mobile entity 20, via the data interface 24, radio subsystem 21 and relevant BSS 1 1 , 
to a GPRS network 1 7 of the PLMN 10 (and vice versa). The GPRS network 17 includes a 
30 SGSN (Serving GPRS Support Node) 18 interfacing BSC 14 with the network 17, and a 
GGSN (Gateway GPRS Support Node) interfacing the network 17 with an external 
network (in this example, the public Internet 39). Full details of GPRS can be found in the 
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ETSI (European Telecommunications Standards Institute) GSM 03.60 specification. Using 
GPRS, the mobile entity 20 can exchange packet data via the BSS 1 1 and GPRS network 
17 with entities connected to the public Internet 39. 

5 The data connection between the PLMN 10 and the Internet 39 will generally be through a 
firewall 35 with proxy and/or gateway functionality. 

Different data-capable bearer services to those described above may be provided, the 
described services being simply examples of what is possible. 

0 

In Figure 1 , a service s ystem 40 is shown connected to the Internet 40, this service system 
being accessible to the OS/application 26 running in the mobile entity by use of any of the 
data-capable bearer services described above. The data-capable bearer sendees could 
equally provide access to a service system that is within the domain of the PLMN operator 
5 or is connected to another public or private data network. 

With regard to the OS/application software 26 running in the data handling subsystem 25 
of the mobile entity 20, this could, for example, be a WAP application running on top of a 
WAP stack where "WAP" is the Wireless Application Protocol standard. Details of WAP 
0 can be found, for example, in the book "Official Wireless Application Protocol" Wireless 
Application Protocol Forum, Ltd published 1999 Wiley Computer Publishing. Where the 
OS/application software is WAP compliant, the firewall will generally also serve as a 
WAP proxy and gateway. Of course, OS/application 26 can comprise other functionality 
(for example, an e-mail client) instead of, or additional to, the WAP functionality. 

5 

The mobile entity 20 may take many different forms. For example, it could be two separate 
units such as a mobile phone (providing elements 22-24) and a mobile PC (data-handling 
system 25) coupled by an appropriate link (wireline, infrared or even short range radio 
system such as Bluetooth). Alternatively, mobile entity 20 could be a single unit such as a 
0 mobile phone with WAP functionality. Of course, if only data transmission/reception is 
required (and not voice), the phone functionality 24 can be omitted; an example of this is a 
PDA with built-in GSM data-capable functionality whilst another example is a digital 
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camera (the data-handling subsystem) also with built-in GSM data-capable functionality 
enabling the upload of digital images from the camera to a storage server. 

Whilst the above description has been given with reference to a PLMN based on GSM 
5 technology, it will be appreciated that many other cellular radio technologies exist and can 
typically provide the same type of functionality as described for the GSM PLMN 10. 

Recently, much interest has been shown in "location-based", "location-dependent", or 
10 "location-aware" services for mobile users, these being services that take account of the 
current location of the user (or other mobile party). The most basic form of this service is 
the emergency location service whereby a user in trouble can press a panic button on their 
mobile phone to send an emergency request-for-assistance message with their location data 
appended. Another well known location-based service is the provision of traffic and route- 
15 guiding information to vehicle drivers based on their current position. A further known 
service is a "yellow pages" service where a user can find out about amenities (shops, 
restaurants, theatres, etc.) local to their current location. The term "location-aware services" 
will be used herein to refer generically to these and similar services where a location 
dependency exists. 



Location-aware services all require user location as an input parameter. A number of 
methods already exist for determining the location of a mobile user as represented by an 
associated mobile equipment. Example location-determining methods will now be 
described with reference to Figures 2 to 5. As will be seen, some of these methods result in 
25 the user knowing their location thereby enabling them to transmit it to a location-aware 
service they are interested in receiving, whilst other of the methods result in the user's 
location becoming known to a network entity from where it can be supplied directly to a 
location-aware service (generally only with the consent of the user concerned). It is to be 
understood that additional methods to those illustrated in Figures 2 to 5 exist. 



20 



30 



As well as location determination, Figures 2 to 5 also illustrate how the mobile entity 
requests a location-aware service provided by service system 40. In the present examples, 
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the request is depicted as being passed over a cellular mobile network (PLMN 10) to the 
service system 40. The PLMN is, for example, similar to that depicted in Figure 1 with the 
service request being made using a data-capable bearer service of the PLMN. The service 
system 40 maybe part of the PLMN itself or connected to it through a data network such as 
5 the public Internet. It should, however, be understood that infrastructure other than a 
cellular network may alternatively be used for making the service request 

The location-determining method illustrated in Figure 2 uses an inertial positioning system 
50 provided in the mobile entity 20A, this system 50 determining the displacement of the 

10 mobile entity from an initial reference position. When the mobile entity 20A wishes to 
invoke a location-aware service, it passes its current position to the corresponding service 
system 40 along with the service request 51. This approach avoids the need for an 
infrastructure to provide an external frame of reference; however, cost, size and long-term 
accuracy concerns currently make such systems unattractive for incorporation into mass- 

15 market handheld devices. 

Figure 3 shows two different location-determining methods both involving the use of local, 
fixed-position, beacons here shown as infra-red beacons IRD though other technologies, 
such as short-range radio systems (in particular, "Bluetooth" systems) may equally be used. 

20 The right hand half of Figure 3 show a number of independent beacons 55 that continually 
transmit their individual locations. Mobile entity 20B is arranged to pick up the 
transmissions from a beacon when sufficiently close, thereby establishing its position to the 
accuracy of its range of reception. This location data can then be appended to a request 59 
made by the mobile entity 20B to a location-aware service available from service system 

25 40. A variation on this arrangement is for the beacons 55 to transmit information which 
whilst not directly location data, can be used to look up such data (for example, the data 
may be the Internet home page URL of a store housing the beacon 55 concerned, this home 
page giving the store location - or at least identity, thereby enabling look-up of location in 
a directory service). 

30 

In the left-hand half of Figure 3, the IRB beacons 54 are all connected to a network that 
connects to a location server 57. The beacons 54 transmit a presence signal and when 
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mobile entity 20C is sufficiently close to a beacon to pick up the presence signal, it 
responds by sending its identity to the beacon. (Thus, in this embodiment, both the beacons 
54 and mobile entity 20C can both receive and transmit IR signals whereas beacons 55 
only transmit, and mobile entity 20B only receives, IR signals). Upon a beacon 54 
5 receiving a mobile entity's identity, it sends out a message over network 56 to location 
server 57, this message linking the identity of the mobile entity 20C to the location of the 
relevant beacon 54. Now when the mobile entity wishes to invoke a location-aware service 
provided by the service system 40, since it does not know its location it must include it's 
identity in the service request 58 and rely on the service system 40 to look up the current 
10 location of the mobile entity in the location server 57. Because location data is personal 
and potentially very sensitive, the location server 57 will generally only supply location 
data to the service system 40 after the latter has produced an authorizing token supplied by 
the mobile entity 20B in request 58. It will be appreciated that whilst service system 40 is 
depicted as handling service requests form both types of mobile entity 20 B and 20C, 
1 5 separate systems 40 may be provided for each mobile type (this is likewise true in respect 
of the service systems depicted in Figures 4 and 5). 

Figure 4 depicts several forms of GPS location-determining system. On the left-hand side 
of Figure 4, a mobile entity 20D is provided with a standard GPS module and is capable of 
determining the location of entity 20D by picking up signals from satellites 60. The entity 
20D can then supply this location when requesting, in request 6 1 , a location-aware service 
from service system 40. 

The right-hand side of Figure 4 depicts, in relation to mobile entity 20E, two ways in which 
assistance can be provided to the entity in deriving location from GPS satellites. Firstly, the 
PLMN 1 0 can be provided with fixed GPS receivers 62 that each continuously keep track 
of the satellites 60 visible from the receiver and pass information in messages 63 to local 
mobile entities 20E as to where to look for these satellites and estimated signal arrival 
times; this enables the mobile entities 20E to substantially reduce acquisition time for the 
satellites and increase accuracy of measurement (see "Geolocation Technology Pinpoints 
Wireless 911 calls within 15 Feet" l-Jul-99 Lucent Technologies, Bell Labs). Secondly,as 
an alternative enhancement, the processing load on the mobile entity 20E can be reduced 
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and encoded jitter removed using the services of network entity 64 (in or accessible 
through PLMN 10). 



One the mobile unit 20E has determined its location, it can pass this information in request 
5 65 when invoking a location-aware service provided by service system 40. 

Figure 5 depicts two general approaches to location determination from signals present in 
a cellular radio infrastructure. First, it can be noted that in general both the mobile entity 
and the network will know the identity of the cell in which the mobile entity currently 

10 resides, this information being provided as part of the normal operation of the system. 
(Although in a system such as GSM, the network may only store current location to a 
resolution of a collection of cells known as a "location area", the actual current cell ID will 
generally be derivable from monitoring the signals exchanged between the BSC 14 and the 
mobile entity). Beyond current basic cell ID, it is possible to get a more accurate fix by 

15 measuring timing and/or directional parameters between the mobile entity and multiple 
BTSs 13, these measurement being done either in the network or the mobile entity (see, for 
example, International Application WO 99/04582 that describes various techniques for 
effecting location determination in the mobile and WO 99/55 114 that describes location 
determination by the mobile network in response to requests made by location-aware 

20 applications to a mobile location center - server- of the mobile network). 



The left-hand half of Figure 5 depicts the case of location determination being done in the 
mobile entity 20F by, for example, making Observed Time Difference (OTD) 
measurements with respect to signals from BTSs 13 and calculating location using a 

25 knowledge of BTS locations. The location data is subsequently appended to a service 
request 66 sent to service system 40 in respect of a location-aware service. The calculation 
load on mobile entity 20F could be reduced and the need for the mobile to know BTS 
locations avoided, by having a network entity do some of the work. The right-hand half of 
Figure 5 depicts the case of location determination being done in the network, for example, 

30 by making Timing Advance measurements for three BTSs 13 and using these 
measurements to derive location (this derivation typically being done in a unit associated 
with BSC 14). The resultant location data is passed to a location server 67 from where it 
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can be made available to authorised services. As for the mobile entity 20C in Figure 3, 
when the mobile entity 20G of Figure 5 wishes to invoke a location-aware service available 
on service system 50, it sends a request 69 including an authorisation token and its ID 
(possible embedded in the token) to the service system 40; the service system then uses the 
5 authorisation token to obtain the current location of the mobile entity 20G from the 
location server 67. 

In the above examples, where the mobile entity is responsible for detennining location, this 
will generally be done only at the time the location-aware service is being requested. 

1 0 Where location determination is done by the infrastructure, it may be practical for systems 
covering only a limited number of users (such as the system illustrated in the left-hand half 
of Figure 2 where a number of infrared beacons 54 will cover a generally fairly limited) for 
location-data collection to be done whenever a mobile entity is newly detected by an IRB, 
this data being passed to location server 57 where it is cached for use when needed. 

15 However, for systems covering large areas with potentially a large number of mobile 
entities, such as the Figure 5 system, it is more efficient to effect location determination as 
and when there is a perceived need to do so; thus, location determination maybe triggered 
by the location server 67 in response to the service request 68 from the mobile entity 20G 
or the mobile entity may, immediately prior to making request 68, directly trigger BSC 1 4 

20 to effect a location determination and feed the result to location server 67. 

Further with respect to the location servers 57, 67, whilst access authorisation by location- 
aware services has been described as being through authorisation tokens supplied by the 
mobile entities concerned, other authorisation techniques can be used. In particular, a 
25 location-aware service can be prior authorised with the location server in respect of 
particular mobile entities; in this case, each request from the service for location data needs 
only to establish that the request comes from a service authorised in respect of the mobile 
entity for which the location data is requested. 

30 As already indicated, Figures 2 to 5 depict only some examples of how location 
determination can be achieved, there being many other possible combinations of 
technology used and where in the system the location-determining measurements are made 
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and location is calculated, stored and used .Thus, the location-aware service may reside in 
the mobile entity whose location is of interest, in a network-connected service system 40 
(as illustrated), or even in another mobile entity. Furthermore, whilst in the examples of 
Figures 2 to 5, invocation of the location-aware service has been by the mobile entity 
5 whose location is of interest, the nature of the location-aware service may be such that it is 
invoked by another party (including, potentially, the PLMN itself), hi this case, unless the 
invoking party already knows the location of he mobile entity and can pass this information 
to the location-aware service (which may, for example, may be situation where the PLMN 
invokes the service), it is the location-aware service that is responsible for obtaining the 

10 required location data, either by sending a request to the mobile entity itself or by 
requesting the data from a location server. Unless the location server already has the 
needed information in cache, the server proceeds to obtain the data either by interrogating 
the mobile entity or by triggering infirastructure elements to locate the mobile. For example, 
where a location-aware service running on service system 40 in Figure 5 needs to find the 

1 5 location of mobile 20G, it could be arranged to do so by requesting this information from 
location server 67 which in turn requests the location data from the relevant BSC, the latter 
then making the necessary determination using measurements from BTSs 13. 

Although in the foregoing, the provision of location data through the mobile radio 
20 infrastructure to the mobile entity has been treated as a service effected over a data-capable 
bearer channel, it may be expected that as location data becomes considered a basic 
element of mobile radio infrastructure services, provision will be made in the relevant 
mobile radio standards for location data to be passed over a signalling channel to the 
mobile entity. 



25 



It is an object of the present invention to provide an improved way of restricting access to 
electronic content data by using location information. 



Summary of the Invention 

30 According to one aspect of the present invention, there is provided a control method for an 
item of equipment that is provided with particular functionality for using target data on a 
removable data carrier or in a received data file, the method involving enabling said 
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particular functionality upon at least a first location condition being satisfied, this condition 
being tested for by: 

(a) obtaining current-location data representing the current location of the equipment; 

(b) comparing the current-location data with authorised-location data that is associated 
5 with the target data and represents a predetermined authorised location or locality for 

operation of said particular functionality of the equipment in relation to the 
associated target data; and 

(c) generating a location-match signal upon the comparison step (b) indicating that the 
equipment is currently located in said authorised location or locality. 

0 

According to a second aspect of the present invention, there is provided equipment 
including particular functionality for using target data provided on a removable data carrier 
or in a received data file, the equipment further including a control sub-system for enabling 
said particular functionality upon at least a first location condition being satisfied, the 
5 control sub-system comprising, for testing this condition,: 

a location discovery arrangement for obtaining current-location data representing the 

current location of the equipment; 

a read arrangement for reading from the removable data carrier or received data file 
authorized-location data representing a predetermined authorized location or locality 
0 for operation of said particular functionality of the equipment; and 

a comparison arrangement for comparing the current-location data with the 
authorized-location data whereby to generate a location-match signal upon this 
comparison indicating that the equipment is currently located in said authorised 
location or locality. 

5 

According to a third aspect of the present invention, there is provided equipment including 
particular functionality for using target data provided on a removable data carrier or in a 
received data file, the equipment further including a control sub-system for enabling said 
particular functionality upon at least a first location condition being satisfied, the control 
0 sub-system comprising, for testing this condition,: 

a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 
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a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operation of said 
particular functionality of the equipment 

a read arrangement for reading from the removable data carrier or received data file 
5 identity information relating to the target data; 

a data retrieval arrangement for using the identity information to access the 
authorized-location data held in said store in respect of the identity data matching the 
identity information; and 

a comparison arrangement for comparing the current-location data with the accessed 
0 authorized-location data whereby to generate a location-match signal upon this 

comparison indicating that the equipment is currently located in said authorised 
location or locality. 



According to a fourth aspect of the present invention, there is provided a service system for 
determining when an item of equipment is located at a. location where particular 
functionality of the equipment is authorised for usein accessing target data provided on a 
removable data carrier or in a received data file, the service system comprising: 

a communications sub-system for communicating with said equipment both to 
receive therefrom identity information concerning said target data, and to return to 
the equipment enablement signals for enabling said particular functionality for 
accessing the target data; 

a location discovery arrangement for obtaining current-location data representing the 
current location of the equipment; 

a store for storing in association with identity data, authorized-location data 
representing a predetermined authorized location or locality for operation of said 
particular functionality of the equipment; 

a data retrieval arrangement for using identity information received from the 
equipment via the communication sub-system to access the authorized-location data 
held in said store in respect of identity data matches the identity information; and 
a comparison arrangement for comparing the current-location data with the accessed 
authorized-location data whereby to generate a location-match signal upon this 
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comparison indicating that the equipment is currently located in said authorised 
location or locality. 

According to a fifth aspect of the present invention, there is provided a removable data 
5 carrier on which is registered target content data and authorised-location data, the latter 
representing a predetermined authorized location or locality where access to the target data 
is permitted. 



10 Brief Description of the Drawings 

A method and service-system, both embodying the present invention, for location-based 
equipment control, will now be described, by way of non-limiting example, with reference 
to the accompanying diagrammatic drawings, in which: 

. Figure 1 is a diagram of a known communications infrastructure usable for 
1 5 transferring voice and data to/from a mobile entity; 

. Figure 2 is a diagram illustrating one known approach to determining the location of 

a mobile entity, this approach involving providing the entity with an inertial 

positioning system; 

. Figure 3 is a diagram illustrating another known approach to detennining the 
20 location of a mobile entity, this approach being based on proximity of the 

mobile entity to fixed-position local beacons; 
• Figure 4 is a diagram illustrating a further known approach to determining the 

location of a mobile entity, this approach involving the use of GPS 

satellites; 

25 . Figure 5 is a diagram illustrating a still further approach to determining the location 
of a mobile entity, this approach being based on the use of signals present 
in a cellular mobile radio communications system; 
.Figure 6 is a diagram illustrating a first embodiment of the invention , this 
embodiment involving a removable data carrier; and 

30 . Figure 7 is a diagram illustrating a second embodiment of the invention, this 
embodiment also involving a removable data carrier. 
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Best Mode of Carrying Out the Invention 

In certain situations it can be desirable to be able to restrict access to certain information 
media and data files such that they could only be read at particular locations (inside a 
secure building, for example). As will be described below, embodiments of the present 
5 invention provide ways of achieving this objective by deriving the location of the 
equipment used to access the information media / data files concerned and comparing this 
location with predetermined authorized-locations data that specifies where the equipment, 
or where the media/file, are authorized for use. Where this comparison determines that the 
equipment (or at least one function of the equipment) can legitimately be used, appropriate 
1 0 enablement signals are generated to enable the corresponding equipment functions. 

Current location data about the equipment may be derived by the equipment itself or by a 
communications infrastructure (e.g. cellular radio network) with which the equipment 
communicates. As regards the authorised-locations data, this can be: 
15 - held in the equipment (and potentially modifiable under password control); 



concerned). The identifying reference may be provided from the equipment itself or 
from the communications infrastructure if known to the latter (which may well be the 
case if the reference concerns the identity of the equipment or user). 

The comparison of equipment current location and the authorized location data can be 
25 effected at the equipment itself or at a remote authorization server; in this latter case, the 

server returns an authorization code only when the equipment location corresponds to the 

authorized location data. 

Conditions additional to location can also be set on equipment enablement. 



Figure 6 illustrates a first embodiment of the invention in which a mobile device 80, such 
as a mobile PC, is only enabled to display a video disc 83 at an authorized location that is 



embedded in "content" (removable information media, received data file) which the 
equipment is intended to process in some way at authorised locations; 



20 



held at a remote server to which the equipment must refer; in this case, a reference 
identifying what authorised-locations data is relevant must be passed to the server 
(this reference could identify the equipment, a particular user, or the "content" 



30 
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stored on the disc itself. The mobile device 80 includes playback functionality 81 that 
requires the presence of an enable signal on line 82 for it to display the contents of the disc. 
Playback functionality includes a location reader 84 operative (regardless of whether or not 
the enable signal is present) to read the authorized-location data off the disc 83 and pass it 
5 to a comparison unit 86 to which is also fed the current location of the device 20 as 
provided by a GPS system 85. Comparison unit 82 only generates the enable signal when 
the device current location corresponds to the authorized location data on the disc 83. 
Preferably, the video disc is encoded in a format that is only interpretable by devices 
having the location checking functionality built in. The relevant parts of device 80 are 
10 preferably of tamper-proof construction so as to prevent an end-user circumventing the 
location condition placed on access to the target information on the video disc. 

Figure 7 illustrates another embodiment where a mobile device 90, such as a mobile PC, is 
only enabled to decrypt and display a video disc 83 at a location specified in a database 92 

15 associated with an authorisation server 40. The mobile device is equipped with cellular 
radio functionality enabling it to communicate with the server 40 using a data-capable 
bearer service of PLMN 10. The identity of the contents of the video disc 83 is read from 
the disc by the mobile device 90 and supplied to the authorisation server 40. Control 
process 91 obtains the current location of the mobile device from location server 67 of 

20 PLMN 10 and looks up the authorized location of playback of the contents of the video 
disc 83 by using the disc-contents identity to reference into database 92. Comparison 
process 93 compares the current device location with the authorized location. If the server 
finds that an authorized read location for the video-disc contents matches the current 
location of the mobile device, process 94 returns an enablement code (which may be a 

25 decryption key for the video disc contents, this key being held in database 92). 
Authorization may additionally be made dependent on the identity of the mobile PC or its 
user. For security reasons, the enablement code is preferably returned encrypted with a 
public key associated with the mobile device/user. During playing of the video disc, the 
content identity is arranged to be repeatedly read by device 90 so as to prevent the viewing 

30 of a different disc with different content under the authorisation granted for the original 
disc (this would only be possible if the discs were not encrypted or were encrypted with the 
same key). 
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Instead of a video disc 83, the embodiments of Figures 6 and 7 could equally be used in 
respect of other forms of removable data carriers or received data files (received, for 
example, via an internet or intranet connection to the equipment). Furthermore, the 
5 equipment used to access the information media / data file need not be portable equipment 
and could, for example, be normal desktop office or home equipment 

It will be appreciated that many different embodiments are possible in view of the variety 
of ways the location information and authorized-locations data can be derived. 
10 Furthermore, the desired level of security may determine the details of any particular 
implementation (in particular, various authentication techniques may need to be used to 
avoid location information being falsified). 

It may be noted that it is possible to store the authorized-location data for the information 
1 5 media / data file in the equipment to be used for access the latter. This could be useful, for 
example, in restricting access to classified encrypted electronic documents of a company in 
dependence on the equipment location and classification level of a current document; to 
this end, the equipment is pre-programmed by the company with authorized location data 
(corresponding, for example, to company sites and locations within those sites) to be 
20 applied to particular document classification levels (the classification level of a document 
being stored with that document on the information media/file concerned and being read by 
the equipment). Thus, if the current location of the equipment is such that it is authorized 
to read documents of a classification level at least as hig|h as that of a current document, 
then the equipment is enabled to use an appropriate decryption key (for example, stored in 
25 the equipment) for reading that electronic document. In this context, the classification level 
of the electronic document constitutes its identity. 

Whilst in the described embodiments the location data has been expressed in terms of 
absolute location data, it would be possible also to use relative location data and also 
30 semantic location data (for example, the authorised locations could be specified as all 
premises of a particular company, in which case there would need to be a translation of this 
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semantic location data to real world locations through, for example, a database that 
specifies the absolute locations of the company's current premises). 



In the Figure 7 embodiment, communication with the authorisation server 40 is described 
5 as being via a cellular radio connection. It would, of course, also be possible to used a 
wired connection (such as a LAN connecting to the Internet) with the current location of 
the device concerned being obtained by any appropriate manner. 



Where a piece of equipment has multiple functional units, different functions of the 
10 equipment can be locationally limited to differing extents. 

It is to be understood that the present invention is not limited to the specifics of the mobile 
entity and communication infrastructure and location discovery means shown in Figures 6 
and 7, and the generalisations discussed above in relation to Figures 1 to 5 regarding these 
15 elements apply equally to the operational context of the described embodiments of the 
invention. Furthermore, whilst the service system 40 is shown in Figure 7 as connected to 
the public Internet, it could be connected to a GPRS network 17 of PLMN 10 or to another 
fixed data network interfacing directly or indirectly with the network 17 or network 39. 



